Enable Plesk modsecurity

Plesk offers the possibility to configure the Web Application Firewall (modsecurity) in the administration menu.

What is modsecurity?

Modsecurity is a Web Application Firewalla firewall that allows access to web applications like content management systems (wordpress, joomla, etc.), or other applications and prevents known attacks.

The advantage of modsecurity is the possibility to analyse accesses first and to define accordingly which accesses are legitimate and which have to be rejected directly.

Of course, it is impossible to set up everything yourself, but there are providers who offer ready-made rules, some of them live, and can thus react directly to current threats.

For example, if a new attack on a particular content management system occurs, these providers update their rules and modsecurity can then block these accesses before an infection occurs.

For Plesk users, this is a good program to prevent most known attacks on your application.

In connection with a firewall which filters and blocks the IP addresses you can secure your server well.

External solutions

An external firewall such as Cloudflare WAF works similar with partly the same rules, but offers the possibility to fend off attacks before they reach the server. An optimal protection would therefore be a Web Application Firewall from Cloudflare or Imperva/Incapsula and then only use special rules on the server. This saves computing power and thus speeds up the page considerably.

Alternatively, modsecurity can of course be set up as a reverse proxy and thus use all other web servers besides Apache.

How to install modsecurity in Plesk?

As administrator, simply click on Settings and select the Web Application Firewall (modsecurity) there.

plesk_admin_modsecurity_settingsYou can select from the Plesk menu which provider you want to use the rules from. The OWASP or Atomic Basic rules are free of charge. However, they have the disadvantage that they are rarely updated, or in the case of OWASP the rules are too strong, so that with wordpress, for example, there are problems that you have to exclude them all.

There are here still the inexpensive comodo rules offer a good protection against all threats. However, the license must always be updated.

So if you're too lazy, you can simply use the Atomic subscription rules which provide live protection. But you have to keep in mind that this is not quite true, because the web server has to be reloaded and then the 502 Bad Gateway problem occurs again.

Practical is the Atomic Professional protection which is available together with Cloudflare in the package. Here you can easily remove the web application firewall from Plesk and switch your domains to Cloudfalre as an additional protection mechanism.

The problem here, however, is that you can only protect subdomains, so your site should only be accessible at www.ihrefirma.de and not at yourcompany.com. Alternatively one can use as Cloudflare partners also the Cloudflare Nameservers and offer thus a complete protection.

Because the license prices of Plesk and the add-ons are constantly being increased incalculably, a provider should perhaps consider external licensing.

There are interesting solutions directly from atomicorp, or another way to activate mod_security on the server, or to use directly an external protection like cloudflare.

A good replacement for Plesk because of the uncertain privacy issues with all the plugins would be a German manufacturer of the popular admin panel "Liveconfig".

Please divide the contribution
Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on whatsapp
Share on telegram
Latest posts

Recommended videos from our Youtube Channel